Tuesday, December 29, 2009

If it's just a bunch of local crooks, this will end here. But, if it's a roving national gang, this could become more than an irritation.

http://www.databreaches.net/?p=9189

La. restaurants suffering credit card ‘nightmare’

December 28, 2009 by admin Filed under Business Sector, ID Theft, U.S.

Jason Brown of The Advocate has a story today about restauranteurs’ lawsuits against Radiant Systems and Computer World, a lawsuit covered previously on the blog. Of note, Brown cites a Secret Service agent involved in the case:

Luiz Velez, resident agent in charge of the Secret Service’s Baton Rouge office, said each hack involved restaurants using Internet-based computer systems. [Any restaurant attached to the Internet could be vulnerable. Bob]

Velez said more than 100,000 cards were exposed and conservatively placed the fraud loss for area banks at about $1.2 million.

Although 100,000 cards and $1.2 million might not sound huge when contrasted to mega-breaches like Heartland Payment Systems’ breach, this particular breach reportedly caused at least one restaurant to close its doors and another to give up taking credit cards. And of course, we only know about less than a dozen or so restaurants. Could there be other restaurants using this POS software that also had breaches that we haven’t learned about yet? It seems likely.

Charles Y. Hoff, general counsel for the Georgia Restaurant Association and one of the attorneys assisting in the Lafayette lawsuit, said he has received a multitude of calls from restaurant owners all over the country regarding similar claims.

“It is not isolated and it is something that is a real concern on a national level,” Hoff said.



“Intent” is not the same as “capability.” I may intend to carve the turkey, but when my crazy cousin Eddie pushes me over the edge, I suddenly find what my new electric carving knife is capable of.

http://www.pogowasright.org/?p=6667

Einstein and Citizens’ Privacy

December 28, 2009 by Dissent Filed under Govt, Surveillance

Einstein is an intrusion detection – and soon an intrusion prevention – system the government is deploying to safeguard government IT systems. Some cybersecurity experts contend Einstein has the potential to intrude on the privacy of individual Americans, a concern Philip Reitinger dismisses.

Reitinger, deputy undersecretary of the Department of Homeland Security’s National Protection and Programs Directorate and director of the National Cybersecurity Center, says the only purpose of Einstein is to protect government networks.

“To that end, it is not our intention to go out and seek things like personally identifiable information,” Reitinger said in the second of a two-part interview with GovInfoSecurity.com. “Our intent is instead, say, what constitutes an attack? What is malicious traffic? And when we see something that is malicious traffic, that is an attempt to compromise a government system, and quite conceivably impair the privacy of Americans whose data is held or the people who are working on those government systems, that we can detect that and stop it, and do a better job of actually protecting privacy.”

Source: GovInfoSecurity. You can listen to Part 1 of Eric Chabrow’s interview with Reitinger here.



I haven't pointed to Bruce recently. But he still writes a good logical blog.

http://www.schneier.com/blog/archives/2009/12/separating_expl.html

Schneier on Security

A blog covering security and security technology.

December 26, 2009

Separating Explosives from the Detonator

… For years I've been saying this:

Only two things have made flying safer [since 9/11]: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers.

This week, the second one worked over Detroit. Security succeeded.

I wish that, just once, some terrorist would try something that you can only foil by upgrading the passengers to first class and giving them free drinks. [Amen Bob]


(Related) Follow-up on the overreaction to an inept terrorist. (I'll also use this in my Statistics class.)

http://www.fivethirtyeight.com/2009/12/odds-of-airborne-terror.html

The Odds of Airborne Terror

by Nate Silver @ 1:58 PM 12.27.2009

… Over the past decade, according to BTS, there have been 99,320,309 commercial airline departures that either originated or landed within the United States. Dividing by six, we get one terrorist incident per 16,553,385 departures.

There were a total of 674 passengers, not counting crew or the terrorists themselves, on the flights on which these incidents occurred. By contrast, there have been 7,015,630,000 passenger enplanements over the past decade. Therefore, the odds of being on a given departure which is the subject of a terrorist incident have been 1 in 10,408,947 over the past decade. By contrast, the odds of being struck by lightning in a given year are about 1 in 500,000. This means that you could board 20 flights per year and still be less likely to be the subject of an attempted terrorist attack than to be struck by lightning.


(Related) More fun facts! Make you want to buy more life insurance?

http://johnbakersblog.co.uk/odds-of-dying-in-a-terrorist-attack/

Odds of Dying in a Terrorist Attack

john baker, March 28th, 2009.

You are 12,571 times more likely to die from cancer than from a terrorist attack

You are 11,000 times more likely to die in an airplane accident than from a terrorist plot involving an airplane

You are 17,600 times more likely to die from heart disease than from a terrorist attack

You are 1048 times more likely to die from a car accident than from a terrorist attack

You are eight times more likely to be killed by a police officer than by a terrorist



Could this happen here?

http://entertainment.slashdot.org/story/09/12/29/0110253/UK-Consumers-To-Pay-For-Online-Piracy?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

UK Consumers To Pay For Online Piracy

Posted by samzenpus on Tuesday December 29, @01:51AM from the music-rolls-down-hill dept.

Wowsers writes

"An article in The Times states that UK consumers will be hit with an estimated £500m ($800m US) bill to tackle online piracy. The record and film industries have managed to convince the government to get consumers to pay for their perceived losses. Meanwhile they have refused to move with the times, and change their business models. Other businesses have adapted and been successful, but the film and record industries refuse to do so. Surely they should not add another stealth tax to all consumers."

[From the article:

The Digital Economy Bill would force internet service providers (ISPs) to send warning letters to anyone caught swapping copyright material illegally, and to suspend or slow the connections of those who refused to stop. ISPs say that such interference with their customers’ connections would add £25 a year to a broadband subscription.

Ministers have not estimated the cost of the measures but say that the cost of the initial letter-writing campaign, estimated at an extra £1.40 per subscription, will lead to 40,000 households giving up their internet connections. Impact assessments published alongside the Bill predict that the measures will generate £1.7 billion in extra sales for the film and music industries over the next ten years, as well as £350 million for the Government in extra VAT.

[I'm not sure any of those numbers have a basis in reality. Bob]



This kind of article makes for great projects in my Computer Security class.

http://www.pogowasright.org/?p=6664

Code That Protects Most Cellphone Calls Is Divulged

December 28, 2009 by Dissent Filed under Featured Headlines, Other

Kevin J. O’Brien reports:

A German computer engineer said Monday that he had deciphered and published the secret code used to encrypt most of the world’s digital mobile phone calls, in what he called an attempt to expose weaknesses in the security of the world’s wireless systems.

The action by the encryption expert Karsten Nohl aimed to question the effectiveness of the 21-year-old GSM algorithm, a code developed in 1988 and still used to protect the privacy of 80 percent of the world’s mobile calls.

“This shows that existing GSM security is inadequate,” Mr. Nohl, 28, told about 600 people attending the Chaos Communication Congress, a four-day computer hacker’s conference that runs through Wednesday here. “We are trying to push operators to adopt better security measures for mobile phone calls.”

Read more in The New York Times.



Not the first to recognize this. Will the Anti-trust lawyers beat the Class Action lawyers to the punch? Or is the Copyright lobby too powerful for both of them?

http://www.eff.org/deeplinks/2009/12/doctorow-how-destroy-book

Doctorow, How to Destroy the Book

Commentary by Fred von Lohmann December 28th, 2009

… When I buy an audiobook on CD, it’s mine. The license agreement, such as it is, is “don’t violate copyright law,” and I can rip that CD to mp3, I can load it to my iPod or any number of devices—it’s mine; I can give it away, I can sell it; it’s mine. But when you buy an audiobook through Audible, which now controls 90 per cent of the [downloadable] audiobook market, you get a license agreement, not a property interest. The things that you can do with it are limited by DRM; the players you can play it on are limited by the license agreements with Audible. Audible doesn’t do this because the publishers ask them to. Audible and iTunes, because Audible is the sole supplier to iTunes, do this because it’s in their own interest....



I haven't played with this one yet, but I plan to.

http://www.makeuseof.com/tag/fix-common-windows-problems-in-a-snap-with-fixwin/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

How To Fix Common Windows Problems In A Snap With FixWin

By Varun Kashyap on Dec. 28th, 2009
